Operating system requirements

You can install the add-on on Splunk Enterprise instances that run a supported operating system. See the list of supported Windows and *nix operating systems.

What versions of Splunk does the add-on support?

All Splunk Enterprise search heads require Splunk Enterprise version 7.0 or later

What versions of Active Directory does the add-on support?

The Splunk Supporting Add-on for Active Directory supports the following versions of Active Directory:

Microsoft Windows Server 2008 Active Directory Domain Services

Microsoft Windows Server 2008 R2 Active Directory Domain Services

Microsoft Windows Server 2012 Active Directory Domain Services

Microsoft Windows Server 2012 R2 Active Directory Domain Services

The add-on does not support AD Lightweight Directory Services (AD LDS) or other Lightweight Directory Access Protocol (LDAP) server types.

Distributed installation of this add-on

This table provides a quick reference for installing this add-on onto a distributed deployment of Splunk Enterprise.

Splunk instance type

Supported

Required

Comments

Search Heads

Yes

Yes

The host must run a supported version of Windows and have access to the domain controller for the domain / forest that you want to get events. The configurations you make must be identical across the search head and all search peers.

Indexers

On search peers only

Depends

The host must run a supported version of Windows. If the indexer acts as a search peer, then you must install it on all indexers that act as search peers. The search peers must have access to the domain controller for the domain / forest that you want to get events. Additionally, the configurations you make must be identical across the search head and all other search peers.

Heavy Forwarders

Yes

No

The host must run a supported version of Windows. In this configuration, you can route events from the add-on to other Splunk Enterprise instances based on target index, or filter the data to extract only the events you want.

Universal Forwarders

No

No

The add-on does not perform any function when you install it on this type of Splunk instance.

Light Forwarders

No

No

The add-on does not perform any function when you install it on this type of Splunk instance. Also, light forwarder functionality has been deprecated and could be removed in a future version of the Splunk software.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature

Supported

Comments

Search Head Clusters

Yes

Configure your search head cluster first, then perform an installation of the add-on. The cluster replicates the configurations.

Indexer Clusters

No

Deployment Server

Yes

You can deploy the add-on to search heads.

What are the other prerequisites?

The 'admin_all_objects' Splunk account capability

The Splunk Supporting Add-on for Active Directory requires the admin_all_objects capability to read storage passwords. The admin user has this capability by default. If you do not want to use the admin user, then any user you do use must have this capability added to its profile.

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

Feedback submitted, thanks!

You must be logged into splunk.com in order to post comments.
Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic.
If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk,
consider posting a question to Splunkbase Answers.

0
out of 1000 Characters

Your Comment Has Been Posted Above

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website.
Learn more (including how to update your settings) here »